TallyMan
Veteran

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

14 Jan 2009, 5:04 pm

I just read an article about yet another website that had been booby-trapped by hackers:

http://www.theregister.co.uk/2009/01/13/paris_hilton_site_hacked/

In the article it says: users were prompted to install an "update" via a dialogue box. Whether they accepted this update or decided to "cancel" it, a download of a malicious executable was initiated.

It isn't the sort of website I tend to visit, but such malware could possibly exist on sites I do visit, especially when following more or less random links on Reddit.

My question is: What is the best thing to do if you get such a dialogue box?

Is it ALWAYS safe to just click the X in the top right corner of the dialogue window to close it or can this button be booby-trapped too?

I am not that familiar with web programming, I write software for Windows forms and it is a trivial thing to link the windows close button to whatever code I want to run. Does this same vulnerability apply to web dialogue forms?

The last time I had such a dialogue box crop up (years ago) I clicked nothing, instead I physically disconnected the internet connection and shut the computer down. Is this overkill or wise?


_________________
I've left WP indefinitely.


ValMikeSmith
Veteran

Joined: 18 May 2008
Age: 54
Gender: Male
Posts: 977
Location: Stranger in a strange land

14 Jan 2009, 6:45 pm

I don't see any reason why malware would need your help to break Windows once it starts.

Always save backup copies of all of your important data files on removable discs
and know that some day your hard disc drive will inevitably crash.

edit: answer to question: don't touch the pop-up, but see if you can close its window
indirectly if your browser has a tab for it ... can you right click on the tab and close it there?
Otherwise maybe close the browser including ALL of its windows.
No, I don't trust that a bad pop-up will be nice enough to just close if you click the X.

edit2:

Quote:
The last time I had such a dialogue box crop up (years ago) I clicked nothing, instead I physically disconnected the internet connection and shut the computer down. Is this overkill or wise?
This is what I do when something fishy goes on, but I don't use Windows and my OS is not in danger of corruption from pulling the computer power plug like Windows is. In Windows you would have to go into safe mode, save your data, and then reboot and see if it's OK or needs to be restored.

edit3: I long ago got sick of the never-ending Windows malware hell, but I did notice that public computers seem to have a kind of installation which I think is VM (Virtual Machine), which seems to not suffer from malware with a hundred different users a day logging on and going to all kinds of sites, and reboots clean when each logs off. Maybe someone knows how to set it up like that.



Seb
Blue Jay

Joined: 29 Dec 2008
Age: 36
Gender: Male
Posts: 83
Location: England

14 Jan 2009, 9:01 pm

TallyMan wrote:
My question is: What is the best thing to do if you get such a dialogue box?

Is it ALWAYS safe to just click the X in the top right corner of the dialogue window to close it or can this button be booby-trapped too?
Well I don't need to worry, because I use Ubuntu as my primary OS. Windows malicious programs won't work in it :). In fact most if not all of them won't even work properly in Wine :D: ( http://www.winehq.org )

If using Windows it is a great idea to not use the most targeted by malicious programs Internet Explorer, because of its many security issues, and to instead use a browser such as Mozilla Firefox or Opera.

I know how to make an Internet connected Windows installation very secure, but I have my reasons as to why I won't just share this information here. However a good start as already mentioned is to not use Internet Explorer, but also to run Windows with a limited account most of the time, and only admin to say install a new program. This way malicious programs will find it harder to get on there.

Admin account means full power to the user, but also malicious programs. The first or only user with Windows XP becomes admin by default.


_________________
Please don't use Internet Explorer!
http://dmiessler.com/writing/dumpie/

The Ubuntu Linux Distribution OS is a very good Windows alternative!
http://ubuntu.com http://kubuntu.org http://xubuntu.org http://edubuntu.org


khelben1979
Toucan

Joined: 27 Aug 2008
Age: 45
Gender: Male
Posts: 294
Location: Sweden

06 Feb 2009, 6:57 pm

I would recommend using the latest version of Firefox with the Adblock Plus extension.

And if you get infected with trojans you can check out my cnet page which contains some personal reviews of anti-virus and anti-spyware software.


_________________
/Bear Spirit, undiagnosed: AvPD and SPD


Dussel
Veteran

Joined: 19 Jan 2009
Age: 60
Gender: Male
Posts: 1,788
Location: London (UK)

06 Feb 2009, 7:22 pm

Seb wrote:
TallyMan wrote:
My question is: What is the best thing to do if you get such a dialogue box?

Is it ALWAYS safe to just click the X in the top right corner of the dialogue window to close it or can this button be booby-trapped too?
Well I don't need to worry, because I use Ubuntu as my primary OS. Windows malicious programs won't work in it :). In fact most if not all of them won't even work properly in Wine :D: ( http://www.winehq.org )


I would not be that certain. There are some known security issues with JavaScript and even the Flash Player under Linux. To be very safe you could go either the minimalistic way and use Lynx (http://lynx.isc.org/) or make a reasonable compromise and use e.g. the NoScript extension on Firefox.

I agree they are much less than under Win with the IE, but they exist and even a Linux user shall be aware.



pakled
Veteran

Joined: 12 Nov 2007
Age: 66
Gender: Male
Posts: 7,015

08 Feb 2009, 12:46 am

Let me check this -

is The Register infected, or was the article there? I know they do a lot of computer stuff there...I'd really miss the Bastard Operator From Hell and Verity Stob....:|



ToadOfSteel
Veteran

Joined: 23 Sep 2007
Age: 36
Gender: Male
Posts: 6,157
Location: New Jersey

08 Feb 2009, 12:58 am

Dussel wrote:
Seb wrote:
TallyMan wrote:
My question is: What is the best thing to do if you get such a dialogue box?

Is it ALWAYS safe to just click the X in the top right corner of the dialogue window to close it or can this button be booby-trapped too?
Well I don't need to worry, because I use Ubuntu as my primary OS. Windows malicious programs won't work in it :). In fact most if not all of them won't even work properly in Wine :D: ( http://www.winehq.org )


I would not be that certain. There are some known security issues with JavaScript and even the Flash Player under Linux. To be very safe you could go either the minimalistic way and use Lynx (http://lynx.isc.org/) or make a reasonable compromise and use e.g. the NoScript extension on Firefox.

I agree they are much less than under Win with the IE, but they exist and even a Linux user shall be aware.


Linux doesn't have a registry to infect, and the fact that it runs a limited account as standard and requiring root password to be entered for any change to the system is a decent security check, although if Linux makes gains in the market, you'll start seeing more Linux-oriented malware... At this point, the reason Windows is still so targeted is because it has 90% of the user share...



Dussel
Veteran

Joined: 19 Jan 2009
Age: 60
Gender: Male
Posts: 1,788
Location: London (UK)

08 Feb 2009, 7:50 am

ToadOfSteel wrote:
Linux doesn't have a registry to infect, and the fact that it runs a limited account as standard and requiring root password to be entered for any change to the system is a decent security check, although if Linux makes gains in the market, you'll start seeing more Linux-oriented malware... At this point, the reason Windows is still so targeted is because it has 90% of the user share...


Linux does not have a registry, but a whole bunch of files which do similar things, namely under the ~/.kde and ~/.gnome directories, you have also files like ~/.profile which are executed with each login and those files are manipulatable by the user.

Besides the reason that a normal user has no rights of altering system resources (e. g. in /etc/) the diversity of Linux systems with different installation targets and methods and different set-ups, a whole bunch of e-mail clients, etc. makes it much more difficult to write here effective malware, but it can't be fully excluded.

I think that you are right, when you wrote that the minority status of Linux is one of the reasons for the relatively high safety.

Besides this: The most security issues with Linux are caused by running net-services, like ssh-, ftp-, mail- or apache-server, under the root-account. A normal home user does not really need to run these services.
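
The point in the post above, that files such as ~/.profile run at every login and can be modified without root, can be checked from the defender's side with a hash baseline. This is an added example, not part of any post in this thread; the function names, the file list and the baseline location are assumptions, and it relies on GNU `sha256sum`.

```shell
#!/bin/sh
# Added example: detect changes to login-time startup files in a home directory.
# The file list is an assumption; extend it for the shells and desktops in use.
STARTUP_FILES=".profile .bash_profile .bash_login .bashrc .xprofile .xsession"

# Print "<sha256>  <name>" for every startup file present under $1.
snapshot_startup_files() {
    ( cd "$1" || exit 1
      for name in $STARTUP_FILES; do
          [ -f "$name" ] && sha256sum "$name"
      done
      exit 0 )
}

# Compare $1 (home directory) against $2 (saved baseline).
# Prints one finding per line and returns 1 if anything differs.
check_startup_files() {
    home_dir=$1 baseline=$2 status=0
    for name in $STARTUP_FILES; do
        f="$home_dir/$name"
        old=$(awk -v n="$name" '$2 == n { print $1 }' "$baseline")
        if [ -f "$f" ]; then
            new=$(sha256sum "$f" | awk '{ print $1 }')
            if [ -z "$old" ]; then
                echo "NEW $name"; status=1
            elif [ "$old" != "$new" ]; then
                echo "CHANGED $name"; status=1
            fi
            # Group- or world-writable: other local accounts could edit it too.
            if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
                echo "LOOSE-PERMS $name"; status=1
            fi
        elif [ -n "$old" ]; then
            echo "MISSING $name"; status=1
        fi
    done
    return $status
}

# Typical use (paths are placeholders):
#   snapshot_startup_files "$HOME" > /path/to/baseline.txt
#   check_startup_files "$HOME" /path/to/baseline.txt
```

Keep the baseline somewhere the everyday account cannot write to, otherwise whatever changed the startup file can update the baseline as well.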